Thoughts on Offensive and Defensive Cybersecurity

Using NMAP in a Virtual Lab

Abstract

I will gather the appropriate tools to set up a virtual lab. Afterward, I will use the virtual lab to demonstrate the utility of NMAP. The NMAP demonstration will include network scanning and port analysis.

Materials

– Windows 10 x64

– Working internet connection

– Internet browser

– At least 124 MB of RAM and 20 GB of hard disk storage space

– Passwords

– VMware Workstation 12 Player

– Metasploitable 2 Virtual Disk File

– Kali Linux Virtual Disk File

– 7-Zip application

Methodology

Start the lab by booting into Windows 10 and downloading the software required to establish a suitable virtual laboratory. VMware Workstation 12 Player is needed to run the virtual machines. Find the VMware download page at vmware.com and download the Windows 64-bit version. Afterward, install VMware Workstation Player with the default settings. Next, retrieve the Kali Linux virtual disk file, which will be used to run offensive security tests with NMAP. Find the virtual disk file at offensivesecurity.com and download the 64-bit VM. To verify that the file is what the developer intended to distribute, run a hash algorithm against the file and compare the resulting value with the value listed by the distributor. If the two values do not match, discard the download. A hashing program can be downloaded from digitalvolcano.com. Furthermore, Metasploitable 2 will need to be acquired; it will serve as the target for penetration testing. Download a Metasploitable 2 image from information.rapid7.com. Finally, an unzipping application will be needed to unpack the downloaded files. Retrieve 7-Zip from 7-zip.org and install the application.

The following steps involve the configuration and preparation of the virtual laboratory. First, use 7-Zip to unpack all downloaded zipped files and extract the contents to folders that can be found later. Afterward, run the VMware Workstation application and left-click on “Open a Virtual Machine”. Navigate to the folder containing the Kali Linux virtual disk file and left-click the image file. The Kali virtual machine will then be added to VMware’s library. Next, left-click on “Open a Virtual Machine” again and select the Metasploitable 2 image to add Metasploitable to the VM library.

The next phase of the lab includes the final setup of the virtual laboratory. Open the Kali VM by left-clicking on its button in the VMware library. Log in with username “root” and password “toor”. Then, open the Metasploitable VM and log in as “msfadmin” using the password “msfadmin”. Ensure that both virtual machines are set to connect to “VMnet 3”. Configure each VM to connect to VMnet 3 by using the VMware virtual machine window to navigate to “Player”, “Manage”, and then “Network Adapter”. Select “VMnet 3” in the Kali window and the Metasploitable window. Next, set your IP address in Kali Linux to 192.168.1.50. In order to set up the IP address, open a terminal in Kali Linux and enter the command: “sudo ifconfig eth0 192.168.1.50”.* Additionally, Metasploitable’s IP address should be configured on the same subnet. Use Metasploitable to issue the command: “sudo ifconfig eth0 192.168.1.60”. Metasploitable will require a password after the command is issued, so enter “msfadmin”. Then, restart the networking processes in each VM by running the command: “sudo /etc/init.d/networking restart” in Kali. Issue the same command in Metasploitable, and when asked for a password, enter “msfadmin”. Finally, use Metasploitable to run the command “sudo ifconfig” and record the IP address on the line “eth0” where it mentions “inet address”. This will serve as Metasploitable’s IP address for the remainder of the lab. If “sudo ifconfig” revealed no IP address, issue the command “sudo ifconfig eth0 192.168.1.60” to bring Metasploitable back on the subnet.

As the final phase, NMAP will be used to scan Metasploitable for vulnerabilities. First, to verify that the VMs occupy the same network, ping Metasploitable with Kali Linux. In the Kali Linux terminal, issue the command “sudo ping 192.168.1.60”.** If the command yields a steady feed of replies with times in “ms”, then the networking is configured properly. However, if the terminal says that the host is unavailable, try repeating prior steps. Then, press “CTRL+C” to stop the feed. To begin demonstrating NMAP, use the Kali VM to enter the command “sudo nmap 192.168.1.60”. Doing so should generate a list of ports, port statuses, and services used by Metasploitable. Next, issue the command “sudo nmap -v 192.168.1.60” to generate even more information with the “verbose” switch. Afterward, enter the command “sudo nmap -O -v 192.168.1.60” to yield even more information about the target computer, such as the OS, the number of hops, and the kind of device. For information about TCP prediction, IP ID sequences, service information, and system up time, issue the command “sudo nmap -sV -O -v 192.168.1.60”. Or, to conduct a simple ping scan, issue the command “sudo nmap -sP 192.168.1.60”. Moreover, to ping all hosts on the network, enter the command “sudo nmap -sP 192.168.1.*”. To be more precise, scan the network for boxes running web servers with the command “sudo nmap -p80 192.168.1.*”. Doing so will target port 80 on all hosts within the network. Finally, to target multiple ports on all hosts within the network, try the command “sudo nmap -p21,23,80 192.168.1.*”.

*Commands should be issued without quotation marks.

**NMAP and ping commands should use the IP address listed by the “ifconfig” command in Metasploitable. For the purposes of this paper, “192.168.1.60” simply serves as a placeholder.
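
The subnet-wide port scans above print one block of text per host, which becomes hard to read as a lab grows. The following sketch is an added example, not part of the original lab write-up: it assumes the scan is run with NMAP's grepable output option (-oG -) and uses hypothetical helper names (sample_scan, open_ports, exposed_hosts) together with constructed sample output for the two lab VMs.

```shell
#!/bin/sh
# Added example: list open ports per host from nmap grepable (-oG) output.
# Lab use (assumed): sudo nmap -p21,23,80 -oG - 192.168.1.* | open_ports

# Constructed sample of grepable output for the two lab VMs (tab-separated
# fields); it is not captured from a real scan.
sample_scan() {
  printf '# Nmap scan of 192.168.1.* (constructed sample)\n'
  printf 'Host: 192.168.1.50 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.50 ()\tPorts: 21/closed/tcp//ftp///, 23/closed/tcp//telnet///, 80/closed/tcp//http///\n'
  printf 'Host: 192.168.1.60 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.60 ()\tPorts: 21/open/tcp//ftp///, 23/open/tcp//telnet///, 80/open/tcp//http///\n'
  printf '# Nmap done (constructed sample)\n'
}

# Read grepable output on stdin; print "<address> <port>/<proto> <service>"
# for every port whose state is exactly "open".
open_ports() {
  awk -F'\t' '
    /^Host: / {
      split($1, h, " ")                 # "Host: <address> (<name>)"
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue  # skip Status:, Ignored State:, ...
        p = $i
        sub(/^Ports: /, "", p)
        n = split(p, entries, ", ")
        for (j = 1; j <= n; j++) {
          # entry layout: port/state/protocol/owner/service/rpcinfo/version/
          split(entries[j], f, "/")
          svc = (f[5] == "" ? "unknown" : f[5])
          if (f[2] == "open") print h[2], f[1] "/" f[3], svc
        }
      }
    }'
}

# Unique addresses that expose at least one open port.
exposed_hosts() {
  open_ports | cut -d" " -f1 | sort -u
}

sample_scan | open_ports
```

Saving this listing after each change to the lab and comparing it with the previous one shows when a VM starts exposing a service it did not expose before.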

Figure 10: Screenshot of confirming IP address after restarting network processes. Note that an IP address is lacking in the field it should be in. Fix this by entering “sudo ifconfig eth0 192.168.1.60”.

Figure 11: Screenshot of using the “ifconfig” command to confirm that the IP configuration worked.